June 2021 Deployment Notice - Microsoft Trusted Root Program
On Tuesday, June 22, 2021, Microsoft released an update to the Microsoft Trusted Root Certificate Program.
This release will add the following roots (CA \ Root Certificate \ SHA-1 Thumbprint):
- Microsoft Corporation \ Microsoft Identity Verification Root Certificate Authority 2020 \ F40042E2E5F7E8EF8189FED15519AECE42C3BFA2
- HARICA \ HARICA Client RSA Root CA 2021 \ 46C6900A773AB6BCF465ADACFCE3F707006EDE6E
- HARICA \ HARICA Code Signing RSA Root CA 2021 \ 8DDEB82046B6227C79246A3EAD7B32C3E88FFCAC
- HARICA \ HARICA TLS ECC Root CA 2021 \ BCB0C19DE9989270193857E98DA7B45D6EEE0148
- HARICA \ HARICA Client ECC Root CA 2021 \ BE64D3DA144BD26BCDAF8FDBA6A672F8DE26F900
- HARICA \ HARICA TLS RSA Root CA 2021 \ 022D0582FA88CE140C0679DE7F1410E945D7A56D
- HARICA \ HARICA Code Signing ECC Root CA 2021 \ E436E537B71342B62E8E00305AD9A3D1D73347E9
This release will NotBefore the following roots (CA \ Root Certificate \ SHA-1 Thumbprint):
- Krajowa Izba Rozliczeniowa S.A. (KIR) \ SZAFIR ROOT CA \ D3EEFBCBBCF49867838626E23BB59CA01E305DB7
This release will NotBefore the Code Sign EKU to the following roots (CA \ Root Certificate \ SHA-1 Thumbprint):
- Halcom D.D. \ Halcom Root Certificate Authority \ 23D731FEDC5C8BB97DE6DC8E13B411BD4F24004F
Note
- As part of this release, Microsoft also updated the Untrusted CTL time stamp and sequence number. No changes were made to the contents of the Untrusted CTL but this will cause your system to download/refresh the Untrusted CTL. This is a normal update that is sometimes done when the Trusted Root CTL is updated.
- The update package will be available for download and testing at: https://aka.ms/CTLDownload
- Signatures on the Certificate Trust Lists (CTLs) for the Microsoft Trusted Root Program changed from dual-signed (SHA-1/SHA-2) to SHA-2 only. No customer action required. For more information, please visit: https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus